Triton - A DBA Framework

Triton is a dynamic binary analysis (DBA) framework. It provides internal components
like a Dynamic Symbolic Execution (DSE) engine, a dynamic taint engine, AST representations of the x86, x86-64 and AArch64 Instructions Set
Architecture (ISA), SMT simplification passes, an SMT solver interface and, the last but not least, Python bindings. Based on these components,
you are able to build program analysis tools, automate reverse engineering and perform software verification.

Internal Views

Engines and Components

Taint Analysis

Taint analysis is used to know at each program point what part of memory or register are controllable by the user
input. According to the instruction semantics the taint is spread over the execution.

Dynamic Symbolic Execution

The symbolic execution engine transforms the control flow and the data flow of the program into symbolic
expressions. These expressions may be used to know at each program point what values can hold a register or part of memory.

SMT Solver Interface

This component allows you to solve symbolic expressions. As all expressions are on the SMT2-LIB representation,
you can plug any SMT solver which support this format. By default, Triton is interfaced with the Z3 SMT solver.

AST Representations of Semantics

Triton converts the x86, x86-64 and the AArch64 instruction set architecture into AST representations which allows you to
perform precise analysis and allow you to build and to modify your own symbolic expressions.

SMT Simplification Passes

Triton allows you to optimize or translate all SMT AST nodes before the assignment to a register, a memory or
a volatile symbolic expression. This feature allows you to deobfuscate some expressions.

Python Bindings

Build your own tools through a high level language and communicate with the Pin API and Triton's components via
Python bindings.